Privacy Policy

On 1 September 2020, HCA Hospice was awarded the Data Protection Trustmark (DPTM) Certification by the Infocomm Media Development Authority (IMDA) of Singapore in recognition of our sound practices in responsible data collection, handling and disclosure.

Personal Data Protection Act Notification

At HCA Hospice (HCA), we are committed to protecting and respecting your personal data in accordance with the Personal Data Protection Act 2012 (the “PDPA”) and our personal data protection policy.

By volunteering or providing your personal data to HCA, it will be deemed that you have agreed and consented to the collection, use and disclosure of your personal data by and amongst HCA and the HCA Entities in the manner set forth below. For purposes of this notification, “HCA Entities” includes HCA Hospice and any other organisation(s) authorised and established by HCA Hospice for the sole purpose of carrying out the obligations of HCA under the name “HCA Hospice ”, including without limitation the Healthcare Services (as defined below).

This notification describes how the HCA Entities and its representatives and/or agents (collectively, “HCA”, “we”, “us”, “our” or similar expression) may collect, use, disclose and manage your personal data.

Collection, Use and Disclosure of Personal Data

HCA’s personal data protection policy applies to all individuals whose personal data is within HCA’s possession or control. Personal data generally includes any data that can be used to identify a natural person, such as name, identification number or address, but excludes business contact information. If you have provided the personal data of another individual (such as a family member or next-of-kin), you agree that you have obtained his/her consent to HCA’s collection, use and disclosure of his/her personal data according to HCA’s personal data protection policy or that you validly give us such consent on their behalf.

In accordance with the PDPA, we have processes and procedures in place to ensure that your personal data is collected, used and disclosed only for the following purposes:

delivery of healthcare and patient care services such as the provision of medical, personal or general care to the patient (“Healthcare Services”);
evaluating and assessing the suitability for job applicants;
verification of identity
volunteer engagement
donor engagement
member engagement
regulatory reporting
business and internal administrative purposes, such as internal records and references or to process any queries or feedbacks
to facilitate any business asset transactions (which may extend to any sale, transfers, assignments or novation of assets, rights or obligations); or
for any other purposes for which we have obtained your consent, for which you may be deemed to have provided consent or are reasonably related to the foregoing.

HCA may also share or refer your personal data to relevant third parties, strictly on a need-to-know basis. Such third parties may include individual or corporate business partners such as volunteers and sponsors, HCA’s service partners or vendors, government agencies, healthcare professionals or other healthcare institutions or facilities.

HCA may use, collect and disclose the personal data for the purposes mentioned above. If you are unable to provide your consent, we will not be able to provide the intended services or information you are requesting for (if any).

We may also collect, use and disclose personal data where required or permitted by laws or regulations binding on HCA for any purpose.

Access and Correction

Under the Act, you have the right to request for information about your personal data that is in our possession or under our control. You can also request for information about the ways in which your personal data has been or may have been used or disclosed by us. An administrative fee may be imposed on you for the request.

Please fill in the request for personal information form here (click on the hyperlink to download the form) and submit your request through the following platforms:

We will respond to your access or correction request as soon as reasonably possible, or within thirty (30) calendar days from the date we receive your request. If we are unable to do so within 30 calendar days, we will let you know and give you an estimate of how much longer we require. If we are unable to provide you with any personal data or make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

Withdrawal of Consent

You also have the right to withdraw any consent that you have given to us. Please let us have any notice of withdrawal in writing, indicating your instructions clearly.

If you withdraw your consent for the collection, use or disclosure of your personal data, we will put the withdrawal into effect within thirty (30) working days of your request.

Please fill in the request for withdrawal of consent form here (click on the hyperlink to download the form) and write to our Personal Data Protection Officer for the above mentioned purposes through the following platforms.

Accuracy of Personal Data

HCA keeps personal data as accurate, complete and up-to-date as necessary, taking into account its use and the interests of our patients, members, volunteers and donors. Where possible, we will validate data provided using generally accepted practices and guidelines. This includes the requests to see original documentation before we may use the personal data such as with Personal Identifiers and/or proof of address.

Protection of Personal Data

HCA protects personal data against loss or theft, as well as unauthorised access, disclosure, copying, use or modification with security safeguards appropriate to the sensitivity of the personal data, regardless of the format in which it is held.

Retention of Personal Data

HCA will retain your personal data only for as long as the purposes for which such data is collected or used (as notified to you) continues, or where necessary for our legal or business purposes. Thereafter, HCA will delete or destroy the personal data, or remove the means by which the data can be associated with you.

Transfer of Personal Data

HCA may transfer any personal data in its possession or control to another HCA Entity as may be necessary in order to achieve the purposes set out above and to provide HCA’s services to you. HCA may transfer the personal data outside Singapore and HCA will ensure that appropriate safeguards are put in place in compliance to PDPA.

Data Breach Notification

In the event of a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, we shall promptly assess the impact and, if appropriate, report this breach within 3 calendar days to the Personal Data Protection Commission (PDPC). We will notify you when the data breach is likely to result in significant harm to you after our notification to PDPC. We may also notify other relevant regulatory agencies, where required.

Feedback and Queries

If you have any feedback or queries in relation to the protection and retention of your personal data, you may also write to our Personal Data Protection Officer. We will look into your feedback or queries, and will provide you with a response within three (3) working days.

Changes to Notification

We reserve the right to modify or change this notification at any time. This notification may be amended in tandem with changes in the legislation.

Contact Details

You may write to our Personal Data Protection Officer at the below address:

The Personal Data Protection Officer
HCA Hospice
705 Serangoon Road Block A #03-01
@Kwong Wai Shiu Hospital
Singapore 328127
Email: [email protected]

For general information about PDPA, please visit the Personal Data Protection Commission’s website at http://www.pdpc.gov.sg